Task Contract Pack (MVP)
last updated: 2026-03-01
This page defines the machine-checkable I/O contracts used by the Protocol Factory MVP.
These contracts serve three purposes:
- Step Functions integration (structured outputs; no scraping logs)
- Determinism boundaries (LLMs propose; tools verify; outputs are typed)
- Auditability (every artifact and event is hash-addressed)
Files in this pack
Schemas (JSON Schema 2020-12):
contracts/planner_task_io.schema.jsoncontracts/builder_task_io.schema.jsoncontracts/verifier_task_io.schema.jsoncontracts/ledger_event.schema.jsoncontracts/evidence_bundle_manifest.schema.json
Examples:
contracts/examples/planner.success.jsoncontracts/examples/builder.success.jsoncontracts/examples/verifier.success.jsoncontracts/examples/ledger.event.plan_generated.jsoncontracts/examples/evidence.manifest.json
Contract design principles
- Opaque large payloads: prompts and full logs go to S3; Step Functions receives references + hashes.
- Hashes everywhere: anything used in dispute workflows is content-addressed (SHA-256).
- Stable IDs: use
run_id+phase+stepand ULIDs for sub-objects. - No secrets: schemas never include tokens, keys, or internal endpoints.
Where these are used
- PlannerAgent emits a
PlannerResultto the state machine. - BuilderAgent emits a
BuilderResult(including the created git refs). - VerifierAgent emits a
VerifierResultand sets the gate outcome. - Every significant transition writes a
LedgerEventrecord. - PRs link to an
EvidenceBundleManifeststored in S3.
Public vs private note
These contracts are safe to publish because they describe interfaces and invariants, not your private:
- credentials/secrets,
- internal network topology,
- proprietary prompts,
- partner integrations,
- cost/rate-limits,
- security thresholds.
If you later decide to keep the factory proprietary, you can keep these schemas public while moving:
- concrete prompt templates
- policy thresholds
- infra wiring (exact ARNs, IAM roles, subnet IDs) into a private repo.